Skip to content

Commit edf06a3

Browse files
committed
OAuth2AuthorizedClientArgumentResolver uses OAuth2AuthorizedClientManager @bean
Closes gh-8700
1 parent f5e0fe5 commit edf06a3

File tree

2 files changed

+124
-26
lines changed

2 files changed

+124
-26
lines changed

config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java

Lines changed: 46 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2002-2019 the original author or authors.
2+
* Copyright 2002-2020 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
2020
import org.springframework.context.annotation.Import;
2121
import org.springframework.context.annotation.ImportSelector;
2222
import org.springframework.core.type.AnnotationMetadata;
23+
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
2324
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
2425
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
2526
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
@@ -33,7 +34,6 @@
3334
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
3435

3536
import java.util.List;
36-
import java.util.Optional;
3737

3838
/**
3939
* {@link Configuration} for OAuth 2.0 Client support.
@@ -67,47 +67,69 @@ static class OAuth2ClientWebMvcSecurityConfiguration implements WebMvcConfigurer
6767
private ClientRegistrationRepository clientRegistrationRepository;
6868
private OAuth2AuthorizedClientRepository authorizedClientRepository;
6969
private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient;
70+
private OAuth2AuthorizedClientManager authorizedClientManager;
7071

7172
@Override
7273
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
73-
if (this.clientRegistrationRepository != null && this.authorizedClientRepository != null) {
74-
OAuth2AuthorizedClientProviderBuilder authorizedClientProviderBuilder =
75-
OAuth2AuthorizedClientProviderBuilder.builder()
76-
.authorizationCode()
77-
.refreshToken()
78-
.password();
79-
if (this.accessTokenResponseClient != null) {
80-
authorizedClientProviderBuilder.clientCredentials(configurer ->
81-
configurer.accessTokenResponseClient(this.accessTokenResponseClient));
82-
} else {
83-
authorizedClientProviderBuilder.clientCredentials();
84-
}
85-
OAuth2AuthorizedClientProvider authorizedClientProvider = authorizedClientProviderBuilder.build();
86-
DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
87-
this.clientRegistrationRepository, this.authorizedClientRepository);
88-
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
74+
OAuth2AuthorizedClientManager authorizedClientManager = getAuthorizedClientManager();
75+
if (authorizedClientManager != null) {
8976
argumentResolvers.add(new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager));
9077
}
9178
}
9279

9380
@Autowired(required = false)
94-
public void setClientRegistrationRepository(List<ClientRegistrationRepository> clientRegistrationRepositories) {
81+
void setClientRegistrationRepository(List<ClientRegistrationRepository> clientRegistrationRepositories) {
9582
if (clientRegistrationRepositories.size() == 1) {
9683
this.clientRegistrationRepository = clientRegistrationRepositories.get(0);
9784
}
9885
}
9986

10087
@Autowired(required = false)
101-
public void setAuthorizedClientRepository(List<OAuth2AuthorizedClientRepository> authorizedClientRepositories) {
88+
void setAuthorizedClientRepository(List<OAuth2AuthorizedClientRepository> authorizedClientRepositories) {
10289
if (authorizedClientRepositories.size() == 1) {
10390
this.authorizedClientRepository = authorizedClientRepositories.get(0);
10491
}
10592
}
10693

107-
@Autowired
108-
public void setAccessTokenResponseClient(
109-
Optional<OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>> accessTokenResponseClient) {
110-
accessTokenResponseClient.ifPresent(client -> this.accessTokenResponseClient = client);
94+
@Autowired(required = false)
95+
void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
96+
this.accessTokenResponseClient = accessTokenResponseClient;
97+
}
98+
99+
@Autowired(required = false)
100+
void setAuthorizedClientManager(List<OAuth2AuthorizedClientManager> authorizedClientManagers) {
101+
if (authorizedClientManagers.size() == 1) {
102+
this.authorizedClientManager = authorizedClientManagers.get(0);
103+
}
104+
}
105+
106+
private OAuth2AuthorizedClientManager getAuthorizedClientManager() {
107+
if (this.authorizedClientManager != null) {
108+
return this.authorizedClientManager;
109+
}
110+
111+
OAuth2AuthorizedClientManager authorizedClientManager = null;
112+
if (this.clientRegistrationRepository != null && this.authorizedClientRepository != null) {
113+
if (this.accessTokenResponseClient != null) {
114+
OAuth2AuthorizedClientProvider authorizedClientProvider =
115+
OAuth2AuthorizedClientProviderBuilder.builder()
116+
.authorizationCode()
117+
.refreshToken()
118+
.clientCredentials(configurer ->
119+
configurer.accessTokenResponseClient(this.accessTokenResponseClient))
120+
.password()
121+
.build();
122+
DefaultOAuth2AuthorizedClientManager defaultAuthorizedClientManager =
123+
new DefaultOAuth2AuthorizedClientManager(
124+
this.clientRegistrationRepository, this.authorizedClientRepository);
125+
defaultAuthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
126+
authorizedClientManager = defaultAuthorizedClientManager;
127+
} else {
128+
authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
129+
this.clientRegistrationRepository, this.authorizedClientRepository);
130+
}
131+
}
132+
return authorizedClientManager;
111133
}
112134
}
113135
}

config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java

Lines changed: 78 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2002-2019 the original author or authors.
2+
* Copyright 2002-2020 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -25,13 +25,15 @@
2525
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
2626
import org.springframework.security.config.test.SpringTestRule;
2727
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
28+
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
2829
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
2930
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
3031
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
3132
import org.springframework.security.oauth2.client.registration.ClientRegistration;
3233
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
3334
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
3435
import org.springframework.security.oauth2.core.OAuth2AccessToken;
36+
import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
3537
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
3638
import org.springframework.test.web.servlet.MockMvc;
3739
import org.springframework.web.bind.annotation.GetMapping;
@@ -41,7 +43,14 @@
4143
import javax.servlet.http.HttpServletRequest;
4244

4345
import static org.assertj.core.api.Assertions.assertThatThrownBy;
44-
import static org.mockito.Mockito.*;
46+
import static org.mockito.Mockito.any;
47+
import static org.mockito.Mockito.eq;
48+
import static org.mockito.Mockito.mock;
49+
import static org.mockito.Mockito.times;
50+
import static org.mockito.Mockito.verify;
51+
import static org.mockito.Mockito.verifyNoInteractions;
52+
import static org.mockito.Mockito.verifyZeroInteractions;
53+
import static org.mockito.Mockito.when;
4554
import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientCredentials;
4655
import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
4756
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
@@ -314,4 +323,71 @@ public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> acce
314323
return mock(OAuth2AccessTokenResponseClient.class);
315324
}
316325
}
326+
327+
// gh-8700
328+
@Test
329+
public void requestWhenAuthorizedClientManagerConfiguredThenUsed() throws Exception {
330+
String clientRegistrationId = "client1";
331+
String principalName = "user1";
332+
TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
333+
334+
ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
335+
OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class);
336+
OAuth2AuthorizedClientManager authorizedClientManager = mock(OAuth2AuthorizedClientManager.class);
337+
338+
ClientRegistration clientRegistration = clientRegistration().registrationId(clientRegistrationId).build();
339+
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
340+
clientRegistration, principalName, TestOAuth2AccessTokens.noScopes());
341+
342+
when(authorizedClientManager.authorize(any())).thenReturn(authorizedClient);
343+
344+
OAuth2AuthorizedClientManagerRegisteredConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
345+
OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository;
346+
OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager;
347+
this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire();
348+
349+
this.mockMvc.perform(get("/authorized-client").with(authentication(authentication)))
350+
.andExpect(status().isOk())
351+
.andExpect(content().string("resolved"));
352+
353+
verify(authorizedClientManager).authorize(any());
354+
verifyNoInteractions(clientRegistrationRepository);
355+
verifyNoInteractions(authorizedClientRepository);
356+
}
357+
358+
@EnableWebMvc
359+
@EnableWebSecurity
360+
static class OAuth2AuthorizedClientManagerRegisteredConfig extends WebSecurityConfigurerAdapter {
361+
static ClientRegistrationRepository CLIENT_REGISTRATION_REPOSITORY;
362+
static OAuth2AuthorizedClientRepository AUTHORIZED_CLIENT_REPOSITORY;
363+
static OAuth2AuthorizedClientManager AUTHORIZED_CLIENT_MANAGER;
364+
365+
@Override
366+
protected void configure(HttpSecurity http) {
367+
}
368+
369+
@RestController
370+
public class Controller {
371+
372+
@GetMapping("/authorized-client")
373+
public String authorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
374+
return authorizedClient != null ? "resolved" : "not-resolved";
375+
}
376+
}
377+
378+
@Bean
379+
public ClientRegistrationRepository clientRegistrationRepository() {
380+
return CLIENT_REGISTRATION_REPOSITORY;
381+
}
382+
383+
@Bean
384+
public OAuth2AuthorizedClientRepository authorizedClientRepository() {
385+
return AUTHORIZED_CLIENT_REPOSITORY;
386+
}
387+
388+
@Bean
389+
public OAuth2AuthorizedClientManager authorizedClientManager() {
390+
return AUTHORIZED_CLIENT_MANAGER;
391+
}
392+
}
317393
}

0 commit comments

Comments
 (0)